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DETAILED ACTION 

1. Applicant's arguments, filed April 18, 2005. with respect to claims 3-6, 9-15. and 
17-28 have been considered but are moot in view of the new ground(s) of rejection. 

Rejections 

2. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claim Rejections - 35 USC §112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 12-14 and 17 is rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

5. Claims 12-14 and 17 recites the limitation "the security processor" in the third 
limitation. There is insufficient antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC § 103 

6. Claims 3-6. 9. 10. 18-20. 24. 25. 27. and 28 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Bromba et al. (U.S. Patent Publication No. 2001/0047479 
A1) in viewof Shen (E.P. No. 1,074,949). 
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Regarding claim 3, Bromba at al. teaches comprising: 

• An on-board memory for storing reference data (fig. 1 , ref. num 2), 

• An on-board sensor for capturing live biometric data (fig. 1 , ref. num 1 

• An on-board microprocessor for comparing the captured biometric data 
with corresponding stored reference data within a predetermined threshold 
and for generating a verification message only if there is a match within a 
predetermined threshold (fig. 1 , ref. num 3 and 4), and 

• Means for communicating the verification message to an external network 
(fig. 1 , connection from 4 to 5 and paragraph 0028), 

• Wherein the verification message includes at least excerpts from the stored 
reference data (paragraph 0026), and 

• Wherein the verification message includes at least excerpts from the captured 
biometric data (paragraph 0026). 

Bromba at al. does not teach the use of an intelligent identification card, but 
rather an easily accessible device, such as a telephone or computer (paragraph 0022). 

Shen teaches the use of an intelligent identification card (fig. 1 , ref, num 1 ). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine using an intelligent identification card, as taught by 
Shen . with the apparatus of Bromba et al. It would have been obvious for such 
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modifications because intelligent identification cards provide a means for a user to carry 
only one card, which contains cash-like value along with other identification so that the 
user is not overwhelmed with one card for each transaction. 

Regarding claim 4, Bromba et al. as modified by Shen teaches wherein the 
verification message is transmitted to a remote authentication system- for additional 
verification (see paragraph 0028 of Bromba et al.). 

Regarding claim 5, Bromba et al. as modified by Shen teaches wherein the 
remote authentication system includes remotely stored reference data that is different 
from the locally stored reference data (see paragraph 0028 of Bromba et al.). 

Regarding claim 6, Bromba et al. as modified by Shen teaches wherein the on- 
board microprocessor uses a different matching algorithm than that used at the remote 
authentication system (see paragraph 0025 and 0028 of Bromba et al.). 

Regarding claim 9, Bromba et al. as modified by Shen teaches wherein the card 
is ISO Smartcard compatible (see col. 1 , lines 6-20 of Shen). 

Regarding claim 10, Bromba et al. as modified by Shen teaches further 
comprising an ISO Smartcard processor (see col. 1 , lines 6-20 of Shen, a smartcard 
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that would be used to replace all other cards would inherently be compatible to the ISO 
standard). 

Regarding claim 18, Bromba et aL as modified by Shen teaches wherein the 
biometric data includes fingerprint data and the sensor is a fingerprint sensor which 
captures data from a user's finger placed on the sensor (see paragraph 0023 of Bromba 
et al.). 

Regarding claim 19, Bromba et al. as modified by Shen teaches wherein real- 
time feedback is provided while the user is manipulating his finger over the fingerprint 
sensor, thereby facilitating an optimal placement of the finger over the sensor (see col. 
4, lines 18-23 of Shen). 

Regarding claim 20, Bromba et al. as modified by Shen teaches wherein the 
matching process utilizes a hybrid matching algorithm that takes into account both 
minutiae and overall spatial relationships in the captured biometric data (see col. 3, lines 
42-57 of Shen). 

Regarding claim 24, Bromba et al. as modified by Shen teaches wherein the card 
further comprises means for restricting use of the card to a predetermined location (see 
col. 1 , lines 6-14 of Shen). 
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Regarding claim 25, Bromba et aL as modified by Shen teaches wherein at least 
some of the captured biometric data and the reference data are transmitted to a 
separate authentication server for secure verification of a user's identity priori to any 
grant of on-line access to an application server for processing of secure financial 
transactions involving that user (see col. 3, lines 28-36 of Shen and paragraph 0028 of 
Bromba et al.). 

Regarding claim 27, Bromba et al. as modified by Shen teaches wherein the 
output from the card is used to obtain physical access into a secure area (see col. 1 , 
lines 9-12 of Shen). 

Regarding claim 28, Bromba et al. as modified by Shen teaches wherein a record 
of successful and unsuccessful access attempts is maintained on the card (see col. 4, 
lines 8-1 7 of Shen). 

Claims 11-13 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bromba et al. (US Pub. No. 2001/0047479 A1) in view of Shen (E.P. No. 1,074,949), 
and further in view of McPhillie et al. (UK Patent Application No. GB 2 2336 005 A) 

Regarding claims 11-13 . Bromba et al. as modified by Shen teaches all the 
limitations of claims 3, 9, and 10, above. However, Bromba et al. as modified by Shen 
does not teach wherein a security processor used for storing and processing the 
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protected biometric data is functionally separated from the ISO Smartcard processor by 
a firewall, all external data to and from the security processor passes through the ISO 
Smartcard processor, all external data to and from the ISO Smartcard processor passes 
through the security processor. 

McPhillie et al. teaches wherein a security processor used for storing and 
processing the protected biometric data is functionally separated from the ISO 
Smartcard processor by a firewall, all external data to and from the security processor 
passes through the ISO Smartcard processor, and all external data to and from the ISO 
Smartcard processor passes through the security processor (fig. 3-5 and page 7, line 7 
through page 12, line 21 ). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine separating the two processors by a firewall and 
causing all communications in and out of one processor to go through the other 
processor, as taught by McPhillie et al. . with the card of Bromba et al./Shen . It would 
have been obvious for such modifications because the secure processor can perform 
the secure calculations, while the unsecure processor can handle regular tasks not 
dealing with cryptography. This allows more operation-specific processors to be used in 
the smart card. 
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Claims 14 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bromba et al. (U.S. Patent Pub. No. 2001/0047479 A1 ) in view of Shen (E.P. No. 
1,074.949), and further in view of Cassistaet al. (U.S. Patent No. 6.385,729). 

Regarding claims 14 and 15 , Bromba et al. as modified by Shen teaches all the 
limitations of claims 3, 9, and 10, above. However, Bromba et al. as modified by Shen 
does not teach the security processor has a first connection used for loading data 
during a loading process and a second connection connected to an external network 
and the first connection is permanently disabled after the loading process has been 
completed. 

Cassista et al. teaches the security processor has a first connection used for 
loading data during a loading process and a second connection connected to an 
external network and the first connection is permanently disabled after the loading 
process has been completed (paragraph 0120). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine two connections on the card, one that is disabled after 
the initial loading is completed, as taught by Cassista et al. , with the card of Bromba et 
al./Shen . It would have been obvious for such modifications because disabling the 
connection path helps limit the amount of battery draw from the circuit because there is 
no need to transmit data across that disabled line (paragraph 0120 of Cassista et al.). 
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Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over Bromba 
etal. (U.S. Patent Pub. No. 2001/0047479 A1 ) in view of Shen (E.P. No. 1 .074,949), 
and further in view of Powell (U.S. Patent No. 6,456.980). 

Regarding claim 17, Bromba et al. as modified by Shen teaches wherein the 
biometric sensor is a fingerprint sensor (see col. 3, lines 9-12 of Shen); and the security 
processor, the ISO Smartcard processor and the fingerprint sensor are all located in a 
middle region between the upper region and the lower region (see fig, 1 of Shen). 

Bromba et al. as modified by Shen does not specifically teach the card comprises 

♦ 

an upper magnetic stripe region and a lower embossed region. 

Powell teaches the card comprises an upper magnetic stripe region and a lower 
embossed region (fig. 5A and 5B and col. 4, line 61 through col. 5, line 5). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine an upper magnetic region and a lower embossed 
region, as taught by Powell , with the card of Bromba et al./Shen . It would have been 
obvious for such modifications because the upper magnetic region allows for 
conventional credit card readers to read the card and the lower embossed region allows 
the users name to be displayed (see col. 5, lines 1-5 of Powell). 
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Claims 21-23 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bromba et al. (U.S. Patent Pub. No. 2001/0047479 A1) in view of Shen fE.P. No. 
1 ,074,949), and further in view of Neuhaus et al. (U.S. Patent No. 6,853,087), 

Regarding claims 21-23, Bromba et al. as modified by Shen teaches all the 
limitations of claims 3 and 18, above. However, Bromba et al. as modified by Shen 
does not teach wherein the fingerprint sensor comprises a sheet of crystalline silicon 
supported by a backing plate, the backing plate comprises a glass epoxy layer 
sandwiched between two metal layers, and the backing plate is reinforced by a carrier 
frame surrounding the sheet of silicon. 

Neuhaus et al. teaches wherein the fingerprint sensor comprises a sheet of 
crystalline silicon supported by a backing plate, the backing plate comprises a glass 
epoxy layer sandwiched between two metal layers, and the backing plate is reinforced 
by a carrier frame surrounding the sheet of silicon (col. 4, line 62 through col. 5, line 17). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a silicon fingerprint sensor, epoxy backing, and 
reinforcing the backing by a carrier frame, as taught by Neuhaus et al. . with the card of 
Bromba et al./Shen . It would have been obvious for such modifications because the 
materials used provide protection of the chip. 
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Claim 26 is rejected under 35 U.S.C. 103(a) as being unpatentable over Bromba 
et al. (U.S. Patent Pub. No. 2001/0047479 A1) in view of Shen (E.P. No. 1,074,949), 
and further in view of Kraiewski et al. (U.S. Patent No. 5,590,199). 

Regarding claim 26, Bromba et al. as modified by Shen teaches all the limitations 
of claims 3 and 25, above. However, Bromba et al. as modified by Shen does not teach 
wherein in response to a match request relating to a particular logon attempt at a 
particular application server which produces a positive match at the authentication 
server, a secure three-way authentication protocol is executed in which a challenge 
character sequence is sent from the authentication sever to the identification card as, 
the identification card then uses the challenge character sequence and the match 
request to generate a challenge response which it then fonA^ards to the application 
server, the application server then fonA^ards the challenge response to the 
authentication server, which then verifies whether the challenge response is valid. 

Kraiewski et al. teaches wherein in response to a match request relating to a 
particular logon attempt at a particular application server which produces a positive 
match at the authentication server, a secure three-way authentication protocol is 
executed in which a challenge character sequence is sent from the authentication sever 
to the identification card as, the identification card then uses the challenge character 
sequence and the match request to generate a challenge response which it then 
foHA/ards to the application server, the application server then forwards the challenge 
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response to the authentication server, which then verifies whether the challenge 
response is valid (col. 6, line 37 through coL 7, line 23). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine in response to a match request relating to a particular 
logon attempt at a particular application server which produces a positive match at the 
authentication server, a secure three-way authentication protocol is executed which 
verifies whether the challenge response is valid, as taught by Kraiewski et al. . with the 
card of Bromba et al./Shen . It would have been obvious for such modifications because 
challenge/response systems allow devices to verify a secret without having to exchange 
the secret in the clear. It would be useful to do this because the devices can ensure 
security without having to establish a common secret beforehand. 

Conclusion 

7. ' Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly. THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
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shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is 571- 
272-3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 

■ 

Business Center (EBC) at 866-21 7-91 97 (toll-free). 
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